The public key can be created in memory and not on the token; this is also
much faster.
You can do whatever you like with the public key once it is in memory.

The pkcs11-tool can always create the public key from the stored
private key object whenever requested.

Alon.

On Thu, Mar 12, 2009 at 11:42 PM, Rickard Bondesson
<rickard.bondes...@iis.se> wrote:
> And people expect to get a key pair on the token when using pkcs11-tool to
> generate a key pair. As of now they only get the private key since the
> public key is removed when the session closes.
> If they want to save space and remove the public key then use pkcs11-tool -b
> ...
>
> On 12 Mar 2009 at 22:23, "Rickard Bondesson" <rickard.bondes...@iis.se> wrote:
>
> True, the public key does take place. But you need the public to be able
> to verify signatures (private keys do not have the verify attribute).
> So you prefer that you create a temporary public key each time you
> want to verify anything?
>
> If you still do not want to create a public key token object, then you
> have to rewrite some of the functions in pkcs11-tool that require the
> public key.
>
> On 12 Mar 2009 at 19:49, "Alon Bar-Lev" <alon.bar...@gmail.com> wrote:
>
>> This is not required, as one can get this from private key attributes
>> or from the certificate.
>> It just wastes card storage...
>> I read the message in reference, and I think that there should be a
>> different solution for this
>> without storing the public
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
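
The approach discussed in this thread, as an added example that is not part of the original messages or of OpenSC: building an RSA public key (a DER SubjectPublicKeyInfo) in memory from the CKA_MODULUS and CKA_PUBLIC_EXPONENT values of a private key object, so no public key object has to be stored on the token. It assumes an RSA key whose private key object exposes both attributes; the function names and sample values are constructed for illustration.

```python
# Added example: not OpenSC code. Sample attribute values are constructed.

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL parameters)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")


def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content


def der_uint(raw: bytes) -> bytes:
    """Encode an unsigned big-endian value (the form PKCS#11 uses for
    CKA_MODULUS / CKA_PUBLIC_EXPONENT) as a DER INTEGER."""
    raw = raw.lstrip(b"\x00") or b"\x00"   # DER wants the minimal encoding
    if raw[0] & 0x80:                      # high bit set: pad so it stays positive
        raw = b"\x00" + raw
    return der_tlv(0x02, raw)


def spki_from_private_attrs(modulus: bytes, public_exponent: bytes) -> bytes:
    """Build SubjectPublicKeyInfo in memory; nothing is written to the token."""
    rsa_public_key = der_tlv(0x30, der_uint(modulus) + der_uint(public_exponent))
    bit_string = der_tlv(0x03, b"\x00" + rsa_public_key)  # 0 unused bits
    return der_tlv(0x30, RSA_ALG_ID + bit_string)


# Constructed stand-ins for values read from the private key object
# (2048-bit modulus with the top bit set; not a usable key).
SAMPLE_MODULUS = b"\xc3" + b"\x01" * 255
SAMPLE_EXPONENT = b"\x01\x00\x01"

if __name__ == "__main__":
    spki = spki_from_private_attrs(SAMPLE_MODULUS, SAMPLE_EXPONENT)
    print(len(spki), spki[:24].hex())
```

With a real token, the two inputs would come from a C_GetAttributeValue call on the private key object.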
